Ryerson in talks to make two-factor authentication mandatory for incoming students

While two-factor authentication is currently only required for Ryerson employees, Ryerson is looking into making it mandatory for incoming students as well.

Although no formal announcement has been made, the university’s Chief Information Officer, Brian Lesser, said they are in talks to implement this as a requirement next school year.

Incoming students would need to set up their two-factor authentication or they would not be able to access their accounts. The feature would remain an option for current students.

Two-factor authentication requires users to enter a unique piece of information in addition to their username and password to log in. Ryerson students have the option of using Google Authenticator for Android and iOS. The app provides a code that must be entered while logging in. The code is time-sensitive, and will change every few seconds.

According to Lesser, of roughly 65,000 Ryerson student accounts, only 1,890 students, including former student employees, have their two-factor authentication set up.

“It is a very small number, that’s why we would go mandatory probably next summer or next fall. It’s just to get those numbers up so it’s much harder to break into a Ryerson account,” Lesser said.

Students can choose to set up two-factor for all applications or only for required applications. Selecting “all applications” will protect your account on D2L, RAMSS, and Google applications, while “required applications” will not. About 77 percent of students with two-factor authentication have it set up for all applications.

The university made two-factor authentication mandatory for all Ryerson employees in August. Ryerson experienced a spike in registration for two-factor authentication after last year’s cybersecurity awareness month in October.

“Enough [employees] are already using it that if we made it a requirement, it wouldn’t be too hard for the rest of the university to go along,” Lesser said.

Hijacking of Ryerson accounts has gotten worse over the years. Over 1,100 accounts were compromised in 2014, most of which were student accounts.

Lesser said they were starting to see more attacks in the university sector, where employee accounts were taken over to change banking information and transfer pay to other accounts.

“Those kinds of attacks, even though they weren’t successful, were very concerning. We wanted to do something to really raise the bar to make it much harder for people to get hold of your account,” he said. “It’s not a perfect protection, but it’s much better than just a password.”

Laura Emberson, fourth-year RTA student, says two-factor authentication is an easy way to protect her account.

Emberson has a job off-campus that also uses two-factor. She used the Google Authenticator app and added her Ryerson account in less than a minute.

“It’s a slight inconvenience, but I think in the long run, especially with the cybersecurity stuff that was being pushed last year by Ryerson, I just think it’s a good, easy step to protecting data,” she said.